Exploit Maturity
Exploit maturity classifies the current state of public exploitation evidence for a CVE. BreachSpider sets this field from multiple data sources refreshed daily.
Tiers
| Maturity | Value | Meaning |
|---|---|---|
| No evidence | NONE | No exploit or proof-of-concept code found |
| Proof of concept | POC | PoC code published (GitHub, exploit-db, etc.) |
| Functional | FUNCTIONAL | Working exploit available - may require skill to use |
| Weaponized | WEAPONIZED | Confirmed active exploitation in the wild (KEV) |
How It Is Set
BreachSpider evaluates three Boolean fields to set exploit_maturity:
- kev_flagged - KEV-confirmed active exploitation
- has_public_exploit - Functional exploit publicly available
- poc_available - Proof-of-concept code available
Priority order:
1. WEAPONIZED if kev_flagged
2. FUNCTIONAL else if has_public_exploit
3. POC else if poc_available
4. NONE otherwise
A CVE in the KEV catalog is always WEAPONIZED regardless of other flags, because the KEV catalog requires confirmed in-the-wild exploitation before adding an entry.
In the API
```json
"exploitation": {
  "kev_flagged": true,
  "has_public_exploit": false,
  "poc_available": true,
  "exploit_maturity": "WEAPONIZED",
  "actively_exploited": true
}
```
The list endpoint also surfaces exploit_maturity directly on each item card for efficient filtering and display without fetching full detail.
Triage Guidance
| Maturity | Suggested Response |
|---|---|
| WEAPONIZED | Emergency patch; isolate if it cannot be patched within 24h |
| FUNCTIONAL | Patch within 48-72 hours, review network exposure |
| POC | Patch at next maintenance window, monitor for escalation |
| NONE | Standard risk-based patch prioritization |
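The following is an added example, not BreachSpider's own code, showing how the priority order in "How It Is Set" and the triage table above fit together: it re-derives exploit_maturity from the three Boolean flags of an API record, flags any disagreement with the stored exploit_maturity value (a stale field is taken as a data-quality signal, and the stricter tier wins so a KEV-flagged CVE is never downgraded), and attaches the documented response. The field names are from the page; the sample records and their CVE identifiers are constructed placeholders.

```python
"""Added example: derive BreachSpider's exploit_maturity from its three
Boolean flags, cross-check an API record, and pick the triage response.
Field names come from the page; the sample records below are constructed."""
from typing import Any, Dict, List

# Least to most severe, used for comparisons and queue ordering.
MATURITY_ORDER = ["NONE", "POC", "FUNCTIONAL", "WEAPONIZED"]

# Triage guidance table from the page, keyed by maturity value.
TRIAGE_RESPONSE = {
    "WEAPONIZED": "Emergency patch; isolate if it cannot be patched within 24h",
    "FUNCTIONAL": "Patch within 48-72 hours; review network exposure",
    "POC": "Patch at next maintenance window; monitor for escalation",
    "NONE": "Standard risk-based patch prioritization",
}


def derive_exploit_maturity(kev_flagged: bool, has_public_exploit: bool,
                            poc_available: bool) -> str:
    """Priority order as documented: KEV first, then functional, then PoC."""
    if kev_flagged:
        return "WEAPONIZED"
    if has_public_exploit:
        return "FUNCTIONAL"
    if poc_available:
        return "POC"
    return "NONE"


def triage(record: Dict[str, Any]) -> Dict[str, Any]:
    """Re-derive maturity from the flags, report whether it agrees with the
    stored exploit_maturity, and attach the documented triage response.
    The stricter of reported/derived is used so a stale field never
    downgrades a KEV-flagged CVE."""
    ex = record["exploitation"]
    derived = derive_exploit_maturity(
        bool(ex.get("kev_flagged", False)),
        bool(ex.get("has_public_exploit", False)),
        bool(ex.get("poc_available", False)),
    )
    reported = ex.get("exploit_maturity", "NONE")
    if reported not in TRIAGE_RESPONSE:
        # Unknown or malformed tier: treat as inconsistent, fall back to derived.
        effective, consistent = derived, False
    else:
        consistent = reported == derived
        effective = max(reported, derived, key=MATURITY_ORDER.index)
    return {
        "cve_id": record.get("cve_id", "<unknown>"),
        "reported": reported,
        "derived": derived,
        "consistent": consistent,
        "maturity": effective,
        "response": TRIAGE_RESPONSE[effective],
    }


def triage_sorted(records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Most severe maturity first, as a patch queue would want (stable sort)."""
    return sorted((triage(r) for r in records),
                  key=lambda t: MATURITY_ORDER.index(t["maturity"]), reverse=True)


# Constructed sample records; the CVE ids are placeholders, not real advisories.
SAMPLE_RECORDS = [
    {"cve_id": "CVE-0000-0001", "exploitation": {
        "kev_flagged": True, "has_public_exploit": False,
        "poc_available": True, "exploit_maturity": "WEAPONIZED",
        "actively_exploited": True}},
    {"cve_id": "CVE-0000-0002", "exploitation": {
        "kev_flagged": False, "has_public_exploit": True,
        "poc_available": True, "exploit_maturity": "FUNCTIONAL",
        "actively_exploited": False}},
    # Stale record: flags say KEV but the stored tier was never refreshed.
    {"cve_id": "CVE-0000-0003", "exploitation": {
        "kev_flagged": True, "has_public_exploit": False,
        "poc_available": False, "exploit_maturity": "POC",
        "actively_exploited": True}},
    {"cve_id": "CVE-0000-0004", "exploitation": {
        "kev_flagged": False, "has_public_exploit": False,
        "poc_available": False, "exploit_maturity": "NONE",
        "actively_exploited": False}},
]

if __name__ == "__main__":
    for t in triage_sorted(SAMPLE_RECORDS):
        note = "" if t["consistent"] else f'  (MISMATCH: reported {t["reported"]})'
        print(f'{t["cve_id"]}: {t["maturity"]:<11} {t["response"]}{note}')
```

Running the module prints the constructed records as a patch queue, most severe first; the third record surfaces as WEAPONIZED with a mismatch note because its flags outrank the stored POC tier, which is the case a consumer of the list endpoint most needs to catch.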